Netgate Discussion Forum

Snort behind an initial firewall

  • C
    cjbujold
    last edited by Mar 24, 2013, 7:25 PM

    Trying to configure Snort on pfSense when the pfSense box is behind an initial firewall.

    The setup is the ISP Internet connection comes into a first router and some Internet traffic is directed to the pfSense box hosting Snort. Essentially the pfSense box is receiving the internet via a 192.168.172.4 WAN connection and a 192.168.172.100 gateway to the pfSense box/LAN which is 192.168.30.1.

    The issue is Snort blocks the traffic from 192.168.172.100, since, I presume, it thinks it is an invalid IP. How can I tell Snort to accept all traffic from this IP and gateway but to check it and not lock out the gateway in the process?

    When I turn on Snort it blocks the gateway with various rules coming or going out to an Internet address.

    Thanks for the help!

    • J
      jonesr
      last edited by Mar 26, 2013, 6:45 AM

      With the timing of your post, it may have nothing to do with being a rear firewall - http://forum.pfsense.org/index.php/topic,60329.45.html

      Many found their WAN IPs blocked regardless of whether they were whitelisted. Uninstall and reinstall seems to fix the problem.

      pfSense AMD64 VGA - Assume latest version.
      Suricata, pfBlockerNG, SquidGuard, squid3.
